Magensa's Official Statement on Shellshock (Bash)

On September 24, 2014, it was widely announced that the command-line shell “Bash”, employed on many instances of the Unix operating system, contained a security vulnerability. Subsequently, Magensa performed an internal security review to determine if our systems were vulnerable to the flaws discovered in Bash. Only a small number of network devices in our production system employ Unix as an operating system and have Bash installed. These devices are all provided by the same vendor. We immediately contacted this vendor and received the following response:

"We are not currently aware of any direct risk from this issue to the main traffic path for [redacted]. Some risk may exist for management interfaces so, in line with existing best practice, we recommend that access to any [redacted] management interfaces is constrained to trusted users and networks only."

As Magensa engineers and technicians already use best practices for the controlled use of console or remote-access interfaces, including two-factor authentication and trusted, closed networks, we do not believe that Magensa systems are exposed to this vulnerability. If this vendor provides a patch to address the vulnerability, as per our normal practice we will review the patch and determine if application of the patch is warranted.

